Security configuration management (SCM) involves maintaining a secure baseline configuration for an organization’s systems and monitoring those assets for deviations from that baseline. This fundamental control pairs well with other elements of an organization’s security strategy. As such, SCM enables security teams to harden their organization’s cloud workloads, industrial environments and other IT assets against digital threats.

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act.

According to its own website, FedRAMP serves three different of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that provide monetary savings for your agency.

Today, data analytics, automation, connectivity, and remote monitoring have made great progress and have brought innovations in every sphere of modern civilization. The digitization in day-to-day human activities has been revolutionized by the Internet of Things (IoT). Based on Gartner’s Forecast database, we can expect that there will be approximately 14 billion devices connected to the internet by 2022. With more devices connected, it will change the way we do business and use resources.

There is a story from years ago about a warehouse network of computers that was separated from the main network. Those machines were running older OSes. But since they weren’t connected to the company network, didn’t hold company data, and only ran the warehouse machines, they were deemed secure. One day, the sysadmin noticed that all of those computers had a glitch at the same time. He remotely rebooted and went back to his desk. But they all glitched again. What happened?

Gone are the days when security teams could focus all of their efforts on keeping attackers out of the network. There’s no inside or outside anymore. The modern network is porous; it allows greater numbers and types of devices to connect to it from all over the world. This characteristic might serve organizations’ evolving business needs as they pursue their respective digital transformations. But it complicates their security efforts.

Accidents or mistakes are bound to happen. Even if healthcare providers and business associates are compliant to HIPAA Standards, there is always a possibility of unintentional or accidental disclosure of Protected Health Information (PHI). Accidental disclosure of PHI includes sending an email to the wrong recipient and an employee accidentally viewing a patient’s report, which leads to an unintentional HIPAA violation.

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience.

On August 15th the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware. The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers.

A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split with the letter’s recipient if the recipient will accept the responsibility of being appointed as the heir to the deceased’s money, etcetera, etcetera. As you can see, it bears all the earmarks of the traditional scam message.

“Send it to the cloud” has been the increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it. Another infrastructure owned by a third party who has teams dedicated to implementing security by design, continuous testing and validation – this all sounds attractive.

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger remote workforces.

Tripwire is very much household name within the cybersecurity community. It’s been around from the early days of creating intrusion detection software that would later be known as File Integrity Monitoring (FIM) all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial Cybersecurity and much more!

Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident. Such dwell time gave attackers all they needed to move throughout an infected network and exfiltrate sensitive data.

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.

Cloud misconfigurations are no laughing matter. In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported.

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims’ Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain.

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected devices.

Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning nose, but she’s not trained to detect these things and wouldn’t be able to tell me when she finds something troublesome.

Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly interconnected.

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step you can take. Don’t assume anything. So, let us begin with the basics. CIS is the Center for Internet Security.

The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the security industry that locks are only good at keeping honest people honest. This is perhaps truer than ever in the era of the IoT “smart lock” where lock picks and bump keys can often be replaced by scripts and sniffers.

In its Vision 2030 development plan, Saudi Arabia included a National Transformation Program whose purpose is to diversify the Kingdom’s income away from the oil industry. One of the core tenets of that program is to enable the growth of the private sector by developing the digital economy. Specifically, Saudi Arabia set out its intention to increase the contribution of the digital economy that’s non-oil GDP from 2% to 3% by 2030.

COVID-19 forced organizations all over the world to transition their employees to a work-from-home policy. That change came at a time when organizations’ connected infrastructure is more complex than ever. Such complexity doesn’t just extend across IT environments, either. Indeed, machines and production processes are also becoming increasingly complex as organizations with OT environments seek to address the challenges of the 21st century.

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.